
Personal liability of Systems Administrators

dino8031

Member
I would like to know if there is any personal liability, either financial or otherwise for IT people or systems administrators if unlicensed software is installed on desktops or laptops on the networks under their jurisdiction.

Can anyone shed some light on this?

My guess is that there is no simple answer but some guidelines would be appreciated.

A good source for real-world policies and best practices would also be helpful.
 
Contractor or employee?

Whoever owns the systems that have the illegal software are liable. So if you're an employee, you'd probably just get fired. If you're a contractor, maybe get sued?

This is a guess though, I'm sure someone can give you a more definite answer.
 
It really depends on what software it is, and how many unlicensed copies there are. The employer is the one held liable but they can fire the employee and sue for damages incurred. Most companies however will give you 3 options if they find out. 1. Buy the software, 2. Delete it and destroy all copies, 3. Face charges.
 
Jeffry left out a detail or two:

1.) Buy it (for ten times or more the regular retail price)
2.) Delete it and destroy all the bootleg copies (and pay a massive fine depending on the level of abuse)
3.) Face Charges (and pay a massive fine in addition to the trial and lawyer fees)

If you get caught bootlegging in a commercial environment, there's no cheap way out. You'd be looking at tens-to-hundreds of thousands of dollars in fines and fees (in addition to the legal fees).

If the company has a "shrink wrap" policy and it's found that the administrator or users put on illicit software, the company will pay the fines, but recover them from the offending employee(s) - check your IT policies and company code of conduct.

All it takes is one "disgruntled" employee dropping a dime and the jig is up.

Good Luck

Scott
 
Originally posted by: dino8031
I would like to know if there is any personal liability, either financial or otherwise for IT people or systems administrators if unlicensed software is installed on desktops or laptops on the networks under their jurisdiction.

Can anyone shed some light on this?

My guess is that there is no simple answer but some guidelines would be appreciated.

A good source for real-world policies and best practices would also be helpful.

No personal liability at all that I can think of. As long as you are working for the company any liability is the company's. That's why whenever you sign anything you put the company name. Never sign with your name alone.
 
How exactly does the whole process work? With whom is the original complaint filed and how does the investigation proceed? Is there some kind of government agency that breaks down your door unannounced and holds you at gunpoint while they check the licenses on your PCs?
I'll use the model of a small business with around 20 machines. All operating systems are legal but there may or may not be instances of the same OS installed on a couple different PCs and perhaps the same scenario with an office suite product. The server may have 15 instead of 20 licenses, that kind of thing. Is such a scenario of any interest to anyone who investigates software piracy abuse and is it subject to huge liabilities for such infractions? I'm not trying to justify illegal software, I'm just trying to determine how dangerous the situation is and how quickly it needs to be remedied.
 
I am not a lawyer, or anything, but from what I've been told in the shops I've worked in, the situation can be rather closer to Dino's hypothetical situation than one might like. I don't think that there is an agency per se; but I think that the BSA, if it cares to, can have law enforcement agents (sheriffs I think; but my memory is getting fuzzy on that point) accompany them on a raid of your premises. If they find anything untoward they can, as noted above, get abundantly nasty about it.
 
Most often, it's the Federal Marshals that come a'knockin'.

Someone calls in with a "good faith" complaint (they try to qualify it for validity), they will attempt to get a sworn affidavit from the individual ("reasonable suspicion" must still be proven).

Court action is initiated, a search warrant is issued, and the marshals hit the road heading your way. Because it is usually an inter-state commerce thing, the suit is usually Federal (hence, the Marshals).

For the couple instances that I've heard about, the Marshals come in and order everyone out of the building or into a benign area (remain on the premises) ... the object is to remove the possibility of someone changing / removing / dumping the illegal materials.

The marshals will audit / oversee the audit of all of the software on every machine. When the audit is complete, a demand will be made for the licenses of each software product. If the license count and product count don't agree, then action is decided and taken.

Easy enough.

Depending on other news of the day, you might even get a spot on the local news "Local company raided by FEDs due to possible software violations" ... great publicity. Certainly worth the couple hundred / thousands of dollars saved by bootlegging the software. The BSA might even call the news guys for you, it helps their cause to get the word out.

When I was working with a VAR, we had a couple customers with store rooms that held nothing but software licenses (this was before "Site Licenses" were popular and available) just to cover their legal a$$ for software usage.

FWIW

Scott
 
It's nice to know that it takes a bit more than an anonymous phone call from a disgruntled former employee to have US Marshals breaking down your door to shoot you for having an expired evaluation copy of Winzip on your laptop.

What I'm hearing is that as close to full compliance as possible is the smartest and best way to go. I'll put forth my best efforts to get everything squared away. Thanks guys.
 
I guess this suggestion has been at least implicit, if not explicit, in some of the warnings earlier in the thread. The important thing for an IT professional who suspects the presence of illegitimate software on company machines is to make note of the fact and suggest compliance in a provable manner. It's nice to have a paperwork and / or e-mail trail that at least proves that you have done your best to help your company come into compliance with licensing agreements. It's not in the best interests of the software companies or law enforcement agencies to blame a regular IT guy for something that was caused, or at least allowed, by sloppy management practices. Put your suggestions down in black & white, and keep copies of your own, along with all responses made by management / owners. Neither you nor the company has to be perfect, but it's a good idea to be able to prove that you were diligent.
 
Good Points.

The most important factor for all of this is that the company *must* have a policy and be willing to enforce it. Same for basic security: Without a policy (that's enforced) in place, the company hasn't a leg to stand on when users start loading up their favorite (illicit) stuff.

If your company doesn't have policy, draft one up, push it through whatever departments you must, get it signed by the top boss, then put it out to all the employees. Generally, it becomes a "sign-off" item (everyone must read it and sign an acknowledgement).

That's the starting point. Next you have to find the violators and get them squared away; then get into maintenance mode.

There are a number of software maintenance / inventory packages available. Many / most / all have some client loaded on each PC that runs periodically and reports back to a central server for reporting. Properly set up, this becomes your primary defense in the event of an audit or court action.

Good Luck

Scott
 
The BSA? Nope not much of a threat. When they come a knocking, just politely tell them you're not interested and close the door. They can complain to whoever the hell they want. No law enforcement agency can touch the network without a warrant, which is impossible to get based on the word of a plaintiff without prior evidence. That's the key point though, if they have a witness (as mentioned above), not just some disgruntled goof who called them up anonymously, then and only then do they usually have a chance of getting Johnny Law involved.

I speak from experience.


And should you offer the point to get things squared away, but management balks, be sure to get it in writing that they denied your recommendation. Actually, this applies to pretty much everything you may do. This way when bad things happen you have evidence to CYA claims that it was management that fscked up and not you.
 
Sorry to thread-jack. I am trying to learn about all of the details of the Microsoft licensing system. Can anyone provide some links to places that can cover this?

Thanks! 🙂
 